Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Thread beginning with comment 490532
To read all comments associated with this story, please click here.
Threat to Microsoft, too
by zztaz on Fri 23rd Sep 2011 23:03 UTC
zztaz
Member since:
2006-09-16

Sure, OEM incompetence regarding secure booting will most often work to Microsoft's advantage, but not always. It is also possible that users may buy some future Sony laptop and later discover that Sony only included keys for Windows 7 and they can't upgrade to Windows 8. Take it one step further - the owner can only run the Sony restore image that came with the system, and can't even upgrade from Home to Ultimate.

Don't think that Sony would do something like that? We are, after all, talking about a company that intentionally silently installed rootkits on other people's computers worldwide. There are other companies capable of acting like that, and many more who could do it out of ignorance.

Linux users alone may not have enough influence to change this. We need to convince Windows users that they are at risk, too. And they are.

Reply Score: 1

RE: Threat to Microsoft, too
by n4cer on Fri 23rd Sep 2011 23:23 in reply to "Threat to Microsoft, too"
n4cer Member since:
2005-07-06

Windows 7 doesn't support secure boot.
An accurate example would be a user who purchases a Windows 8 system from an OEM that does not include an option to disable secure boot. The user is unable to install any prior version of Windows (other than in a VM) since none support secure boot.

Reply Parent Score: 4

RE: Threat to Microsoft, too
by Drumhellar on Sat 24th Sep 2011 01:02 in reply to "Threat to Microsoft, too"
Drumhellar Member since:
2005-07-12

Maybe Sony isn't the best example.

Also, Sony is the only major OEM I can think of that actually has a BTO option to have a vanilla Windows 7 installation, rather than Win7 + OEM crap, and at no extra charge.

Also, regarding the rootkits, their Sony Music group is separate from their VAIO group.

Reply Parent Score: 4

RE[2]: Threat to Microsoft, too
by zztaz on Sat 24th Sep 2011 01:36 in reply to "RE: Threat to Microsoft, too"
zztaz Member since:
2006-09-16

Feel free to pick another example. I'll take your word that Sony's laptop group won't do this, but the parent corporation has demonstrated their willingness to harm Sony customers. All it would take is a new head for that division.

The point remains: Microsoft is leaving the door open for OEMs to handle secure booting in ways that could harm Windows users as well as Linux users. Some OEM will do so. It doesn't matter whether it's Sony or someone else. Microsoft isn't going to listen to Linux users. They might listen to Windows users. Help me convince Windows users that they should be concerned about the way this UEFI feature is implemented. By the way, it is a useful feature, but only if it's done right.

I'm tired of short-sighted people saying that they don't care about some issue because it doesn't affect them. Yes it does. Don't tell me that you don't care about Firefox because you use IE. The only reason IE exists is because Netscape existed. Once Netscape ceased to be a threat, IE stagnated. As soon as Firefox came about, IE resumed improving. You don't need to use something to benefit from its existence.

If the stupidity of OEMs allows Microsoft to gain an effective lock-in on some hardware, that hurts everyone. It hurts people who buy non-crippled hardware, because they have fewer choices. It hurts Windows users because it gives Microsoft one more reason to ignore Windows users; if your hardware only runs Windows, why should Microsoft listen to you? You're stuck running Windows no matter how they treat you.

Reply Parent Score: 7

RE: Threat to Microsoft, too
by Icaria on Sat 24th Sep 2011 06:40 in reply to "Threat to Microsoft, too"
Icaria Member since:
2010-06-19

Unless the Win8 keys are compromised between the releases of Win8 and Win9, they would be the same keys.

The problem remains, however, that those keys are only valid for MS or MS-licensed soft/hardware.

Edited 2011-09-24 06:45 UTC

Reply Parent Score: 3

RE[2]: Threat to Microsoft, too
by Alfman on Sat 24th Sep 2011 07:04 in reply to "RE: Threat to Microsoft, too"
Alfman Member since:
2011-01-28

Icaria,

"Unless the Win8 keys are compromised between the releases of Win8 and Win9, they would be the same keys."

Most likely the bios will trust one or more microsoft signing keys, and those keys will then be used to sign individual operating systems + updates. Therefor, a single MS key in the bios should work with all microsoft's current and future operating systems.

I am assuming microsoft will sign all it's current/future operating systems with all bios keys, which may not be the case. They could omit signatures in order to enforce planned obsolescence.

Reply Parent Score: 4

RE: Threat to Microsoft, too
by segedunum on Tue 27th Sep 2011 00:14 in reply to "Threat to Microsoft, too"
segedunum Member since:
2005-07-06

It is also possible that users may buy some future Sony laptop and later discover that Sony only included keys for Windows 7 and they can't upgrade to Windows 8. Take it one step further - the owner can only run the Sony restore image that came with the system, and can't even upgrade from Home to Ultimate.

Bingo. You're thinking along exactly the right lines. I'm not sure why you haven't been modded up.

It also gets around the uncomfortable virtualisation problem Microsoft doesn't like where you can run free virtualisation platforms and where people have been running versions of Windows long after they have ended support.

Edited 2011-09-27 00:16 UTC

Reply Parent Score: 2